WIFI: awsDevDay | PASS: CodeHappy
UP NEXT: AWS Management Tools Deep Dive
© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
AWS Management Tools Deep Dive
Take control over your cloud environment
Chuck Meyer
Sr Developer Advocate, CloudFormation
October 10, 2017
AWS Management Tools
• Why did we build AWS Management Tools
• What is AWS Management Tools
• Capabilities you need
• Q&A
The challenge
Agility
Control
Visibility
Growth Complexity Cloud
What do you need?
Control over your cloud environment
• Provision resources
• Gain insights
• Monitor and optimize
AWS Management Tools capabilities
• Model and automate
• Gain visibility
• Respond to changes
• Optimize
• Integrate
• Control
Model your cloud with AWS CloudFormation
Template (JSON/YAML formatted file)
• Parameter definition
• Resource creation
• Configuration actions
CloudFormation (Framework)
• Stack creation
• Stack updates
• Error detection and rollback
Stack (Configured AWS services)
• Comprehensive service support
• Service event aware
• Customizable
• CloudFormation gives developers and systems administrators an easy way
to create and manage a collection of related AWS resources, provisioning
and updating them in an orderly and predictable fashion
AWS CloudFormation key benefits
• Infrastructure as Code
• Declarative and Flexible
• Easy to Use
• Supports a Wide Range of AWS Resources
New Feature Launch: StackSets
What are StackSets?
• Allow creation of a common set of AWS resources across accounts and regions
• Provide a container for a collection of AWS CloudFormation stacks
Stack 1: A1, us-west-1
Stack 2: A2, us-west-1
Stack 3: A3, us-west-1
Stack 4: A4, us-west-1
Stack 5: A5, us-west-1
Use cases?
Provisioning multiple accounts with identical AWS
resources
• Set up AWS KMS keys
• Enable AWS CloudTrail
• Standardize Amazon VPCs with peering connections
• Set up common ingress rules
BCDR solutions across multiple regions
• Configure Amazon S3 bucket replication
• Provision Amazon RDS read replicas
Demo: StackSets
Examples of templates available by default

# | Name | Description
1 | Generate KMS Encryption Keys | Create a master encryption key with the AWS Key Management Service and set key usage permissions.
2 | Enable AWS CloudTrail | Enable AWS CloudTrail to provide a history of all API calls and related events.
3 | Enable AWS Config | Enable AWS Config to provide an AWS resource inventory, configuration history, and configuration change notifications to enable security and governance.
4 | Check CloudTrail Enabled | Enable an AWS Config rule to check whether AWS CloudTrail is enabled in the account.
5 | Check Root account MFAs | Enable an AWS Config rule to check whether the root user requires multi-factor authentication for console sign-in.
6 | Check EIP attached | Enable an AWS Config rule to check whether all EIP addresses allocated to a VPC are attached to EC2 instances or in-use ENIs.
7 | VPC with a single Subnet | Creates a VPC with a single subnet and an Internet Gateway.
8 | VPC with Public and Private Subnets | Creates a VPC with Public and Private Subnets and an Internet Gateway.
9 | VPC Peering: specific subnets in One VPC with Two VPCs | Creates VPCs and sets up a peering connection between specific subnets in One VPC with Two other VPCs across accounts, in a region.
10 | VPC Peering: One VPC with specific subnets in Two VPCs | Creates VPCs and sets up a peering connection between One VPC and specific subnets in Two VPCs, across accounts, in a region.
11 | VPC Peering: One VPC to instances in Two VPCs | Creates VPCs and sets up a peering connection between One VPC to instances in Two VPCs across accounts, in a region.
12 | VPC Peering: One VPC to instances in multiple VPCs | Creates VPCs and sets up a peering connection between One VPC to instances in multiple VPCs.
13 | Create a highly reliable RDS database instance | Creates an Amazon RDS database instance with read replicas in multiple AWS regions.
14 | Enable S3 cross region replication | Creates AWS Simple Storage bucket with read replicas in multiple AWS regions.
Demo: Start with Existing Template
https://aws.amazon.com/cloudformation/aws-cloudformation-templates/
Create catalogs of approved resources with
AWS Service Catalog
• AWS Service Catalog allows organizations to create and manage catalogs
of IT services.
• It enables users to quickly deploy the approved IT services they need in a
self-service manner without access to the underlying services in AWS.
Organizations: Control, Standardization, Governance
Developers: Agility, Self-service, Time to market
AWS Service Catalog key benefits
Ensure Compliance with Corporate Standards
Help Employees Quickly Find and Deploy Approved IT Services
Centrally Manage IT Service Lifecycle
Demo: Service Catalog
Automate configuration with Amazon EC2
Systems Manager
• Enables automated configuration
• Supports ongoing management of systems at scale
• Works across all of your Windows and Linux workloads
• Runs in Amazon EC2 or on-premises
• Carries no additional charge to use
Amazon EC2 Systems Manager key benefits
• Support for hybrid Architecture
• Easy to Use Automation
• Improve Visibility and Control
• Maintain Software Compliance
• Reduce Costs
• Secure Role-Based Management
Amazon EC2 Systems Manager capabilities
• State Manager
• Maintenance Window
• Inventory
• Automation
• Parameter Store
• Run Command
• Patch manager
Demo - Disk Space Management
Compliance checks:
- required-disk-space: Checks usage % of each disk partition of an EC2 instance in an environment
[Diagram] Steps: Send Inventory Request; Trigger Action; Output Compliance; Notify IT Infrastructure Team about non-compliance
[Diagram] Components: State Manager, Run Command, Custom Inventory, AWS Config, Amazon SNS, AWS Lambda
Demo: EC2 SSM
AWS OpsWorks
Automate configuration with AWS OpsWorks
for Chef Automate
• Managed Chef Server and Chef Automate
• Suite of automation tools that give you workflow automation for
continuous deployment, automated testing for compliance and
security with Chef
What is Chef?
• Configuration Management Software
• Recipes and Cookbooks
• Chef development kit and toolset
• Community
What is Chef Automate?
Commercial offering from Chef Software
Suite of tools built on top of Chef Configuration Management
• Continuous Deployment Pipeline
• Automated compliance testing
• Visibility
AWS OpsWorks for Chef Automate key benefits
• Fully Managed Chef Server
• Programmable Infrastructure
• Scaling Made Easy
• Support from Active Chef Community
• Secure
• Simple to Manage Hybrid Environments
Gain visibility with AWS Config
• Get inventory of all your AWS resources
• Discover resources that exist in your account and capture configurations
• Provide rules to ensure resource configurations conform to your internal
best practices and guidelines
AWS Config key benefits
• Enables you to assess, audit, and evaluate the configurations of your AWS resources
• Continuously monitors and records your AWS resource configurations
• Allows you to automate the evaluation of recorded configurations against desired
configurations with Config rules
Benefits
• Continuous Monitoring
• Change Management
• Continuous Assessment
• Operational Troubleshooting
AWS Config advanced features
Configurable and Customizable Rules
Configuration History of AWS Resources
• Ensure that all EC2 instances in your cloud infrastructure use AMIs from an
approved list
• Identify managed EC2 instances that are running software packages and
applications that are on the blacklist
• Identify EC2 instances of a specific type or size
• Identify EC2 volumes that are not encrypted.
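An added example, not from the slides: the evaluation logic a custom Config rule could apply for three of the checks listed above (approved AMIs, instance types, unencrypted volumes). The parameter names approvedAmis and deniedInstanceTypes are hypothetical, the sample events are constructed, and the software-inventory check is left out; a deployed rule would submit the returned record with Config's PutEvaluations call.

```python
import json

# Hypothetical rule parameters (names invented for this example). Config hands
# them to a custom rule as a JSON string in event["ruleParameters"].
RULE_PARAMETERS = {
    "approvedAmis": "ami-0aaa1111bbbb2222c,ami-0ddd3333eeee4444f",
    "deniedInstanceTypes": "t1.micro,m1.small",
}
# Item statuses for which there is nothing left to evaluate.
GONE = {"ResourceDeleted", "ResourceDeletedNotRecorded", "ResourceNotRecorded"}


def csv_set(value):
    """Split a comma-separated parameter into a set, ignoring blanks."""
    return {part.strip() for part in (value or "").split(",") if part.strip()}


def evaluate_item(item, params):
    """Return (compliance_type, annotation) for one configuration item."""
    if item.get("configurationItemStatus") in GONE:
        return "NOT_APPLICABLE", "resource deleted or not recorded"
    cfg = item.get("configuration") or {}
    rtype = item.get("resourceType")
    if rtype == "AWS::EC2::Volume":
        # Anything other than an explicit True counts as unencrypted.
        if cfg.get("encrypted") is True:
            return "COMPLIANT", "volume is encrypted"
        return "NON_COMPLIANT", "volume is not encrypted"
    if rtype == "AWS::EC2::Instance":
        findings = []
        # Fail closed: with an empty approved list, no AMI is approved.
        if cfg.get("imageId") not in csv_set(params.get("approvedAmis")):
            findings.append("AMI %s is not on the approved list" % cfg.get("imageId"))
        if cfg.get("instanceType") in csv_set(params.get("deniedInstanceTypes")):
            findings.append("instance type %s is not allowed" % cfg.get("instanceType"))
        if findings:
            return "NON_COMPLIANT", "; ".join(findings)
        return "COMPLIANT", "approved AMI and allowed instance type"
    return "NOT_APPLICABLE", "resource type outside the scope of this rule"


def evaluate_event(event):
    """Turn a configuration-change event into one evaluation record."""
    invoking = json.loads(event["invokingEvent"])
    item = invoking.get("configurationItem")
    if item is None:
        raise ValueError("no configurationItem in invoking event")
    params = json.loads(event.get("ruleParameters") or "{}")
    compliance, note = evaluate_item(item, params)
    return {
        "ComplianceResourceType": item["resourceType"],
        "ComplianceResourceId": item["resourceId"],
        "ComplianceType": compliance,
        "Annotation": note[:256],  # annotations are limited to 256 characters
        "OrderingTimestamp": item["configurationItemCaptureTime"],
    }


def make_event(resource_type, resource_id, configuration, status="OK"):
    """Build a constructed sample event in the shape Config sends to Lambda."""
    item = {
        "resourceType": resource_type,
        "resourceId": resource_id,
        "configurationItemStatus": status,
        "configurationItemCaptureTime": "2017-10-10T17:00:00.000Z",
        "configuration": configuration,
    }
    return {
        "invokingEvent": json.dumps({
            "messageType": "ConfigurationItemChangeNotification",
            "configurationItem": item,
        }),
        "ruleParameters": json.dumps(RULE_PARAMETERS),
    }


if __name__ == "__main__":
    samples = [  # constructed sample resources
        make_event("AWS::EC2::Volume", "vol-0example1", {"encrypted": False}),
        make_event("AWS::EC2::Instance", "i-0example2",
                   {"imageId": "ami-0fff9999aaaa0000b", "instanceType": "t1.micro"}),
        make_event("AWS::EC2::Instance", "i-0example3",
                   {"imageId": "ami-0aaa1111bbbb2222c", "instanceType": "m4.large"}),
    ]
    for sample in samples:
        result = evaluate_event(sample)
        print(result["ComplianceResourceId"], result["ComplianceType"], result["Annotation"])
```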
New Feature Launch: AWS Config Dashboard
An overview of your resources and their compliance with AWS Config rules
Demo: AWS Config + Config Rules
Gain visibility with AWS CloudTrail
• Increase visibility into your user and resource activity
• Discover and troubleshoot security and operational issues by capturing a
comprehensive history of changes that occurred in your AWS account
• Simplify your compliance audits by automatically recording and storing
activity logs for your AWS account
AWS CloudTrail key benefits
• Allows you to log, continuously monitor, and retain events related to API calls across your
AWS infrastructure
• Provides a history of AWS API calls for your account, including API calls made through the
AWS Management Console, AWS SDKs, command line tools, and other AWS services
Benefits
• Simplified Compliance
• Security Analysis and Troubleshooting
• Visibility Into User and Resource Activity
• Security Automation
Respond to changes with AWS CloudWatch
• Monitoring service for AWS cloud resources and the applications you
run on AWS.
• You can use Amazon CloudWatch to collect and track metrics, collect
and monitor log files, set alarms, and automatically react to changes
in your AWS resources.
AWS CloudWatch key benefits
• Monitor Amazon EC2
• Monitor Other AWS Resources
• Monitor Custom Metrics
• Monitor and Store Logs
• Set Alarms
• View Graphs and Statistics
Demo: CloudTrail
Optimize with AWS Trusted Advisor
• Get insight into how and
where you can get the most
impact for your AWS spend
• Find opportunities to reduce
your monthly spend and
retain or increase productivity
• Receive guidance on getting
the optimal performance and
availability based on your
requirements
Demo: Trusted Advisor
Integrate with 3rd party tools
AWS Management Tools capabilities
Control
§ AWS CloudFormation
§ AWS Service Catalog
§ EC2 Systems Manager
§ AWS OpsWorks
§ AWS Config
§ AWS CloudTrail
§ Amazon CloudWatch
§ AWS Trusted Advisor
• Model and automate
• Gain visibility
• Respond to changes
• Optimize
• Integrate
Where to find AWS Management Tools?
Simplified Resource Management
Package AWS native services for business agility
Automation and orchestration of best practices and corporate policies
Guide provisioning choices to balance performance and consumption
Guard against non compliance, reducing risk
Governance and role-based segregation of duties
Monitoring, alerting, auditing
“StackSets presents the opportunity for significant time savings while increasing
adherence to golden configurations across multiple accounts,” - Aater Suleman, Flux7 CEO
Playbook: AWS Management

Creation
Core function: Compliant Provisioning, Governance (AWS CloudFormation: Infrastructure as Code)
Key benefit:
- Shifts ownership of dependencies to developers
- Creates consistency
- Software defined infrastructure
Power usage: Custom resource support; Governance

Verification
Core function: Monitoring and Alerting (AWS Config, ConfigRules, AWS CloudTrail)
Key benefit:
- Codifies corporate policies
- Identify non-compliant configuration changes
Power usage: Export to 3rd party or ELK based set up for analysis

Validation
Core function: Auditing (Trusted Advisor/Security Advisor; AWS CloudTrail, ConfigRules)
Key benefit:
- Baseline for best practices
- Wide net of best practices
Power usage: Reduce risk by catching common errors:
- Unused instances
- Open firewalls
Q&A
Thank You!

AWS Management Tools Deep Dive - DevDay Los Angeles 2017

  • 32. Demo: AWS Config + Config Rules
  • 33. Gain visibility with AWS CloudTrail • Increase visibility into your user and resource activity • Discover and troubleshoot security and operational issues by capturing a comprehensive history of changes that occurred in your AWS account • Simplify your compliance audits by automatically recording and storing activity logs for your AWS account
  • 34. AWS CloudTrail key benefits • Allows you to log, continuously monitor, and retain events related to API calls across your AWS infrastructure • Provides a history of AWS API calls for your account, including API calls made through the AWS Management Console, AWS SDKs, command line tools, and other AWS services Simplified Compliance Security Analysis and Troubleshooting Visibility Into User and Resource Activity Security Automation Benefits
  • 35. Respond to changes with AWS CloudWatch • Monitoring service for AWS cloud resources and the applications you run on AWS. • You can use Amazon CloudWatch to collect and track metrics, collect and monitor log files, set alarms, and automatically react to changes in your AWS resources.
  • 36. AWS CloudWatch key benefits Monitor Amazon EC2 Monitor Other AWS Resources Monitor Custom Metrics Monitor and Store Logs Set Alarms View Graphs and Statistics
  • 38. Optimize with AWS Trusted Advisor • Get insight into how and where you can get the most impact for your AWS spend • Find opportunities to reduce your monthly spend and retain or increase productivity • Receive guidance on getting the optimal performance and availability based on your requirements
  • 40. Integrate with 3rd party tools
  • 41. AWS Management Tools capabilities: Control; Model and automate; Gain visibility; Respond to changes; Optimize; Integrate. Tools: AWS CloudFormation; AWS Service Catalog; EC2 Systems Manager; AWS OpsWorks; AWS Config; AWS CloudTrail; Amazon CloudWatch; AWS Trusted Advisor
  • 42. Where to find AWS Management Tools?
  • 43. Simplified Resource Management: Package AWS native services for business agility; Automation and orchestration of best practices and corporate policies; Guide provisioning choices to balance performance and consumption; Guard against non-compliance, reducing risk; Governance and role-based segregation of duties; Monitoring, alerting, auditing. “StackSets presents the opportunity for significant time savings while increasing adherence to golden configurations across multiple accounts,” - Aater Suleman, Flux7 CEO
  • 44. Playbook: AWS Management Creation Compliant Provisioning, Governance AWS CloudFormation: Infrastructure as Code Verification Monitoring and Alerting AWS Config, ConfigRules AWS CloudTrail Validation Auditing Trusted Advisor/Security Advisor AWS CloudTrail, ConfigRules - Shifts ownership of dependencies to developers - Creates consistency - Software defined infrastructure - Codifies corporate policies - Identify non-compliant configuration changes - Baseline for best practices -Wide net of best practices Custom resource support Governance Export to 3rd party or ELK based set up for analysis Reduce risk by catching common errors: - Unused instances - Open firewalls Core Function Key Benefit Power Usage
  • 45. Q&A